When financial fraud meets facial recognition, the jig may be up

(Reuters) - Chip McBreen, who leads fraud prevention and security at Members 1st Credit Union in Pennsylvania, has become a believer in facial recognition tools to stop bank fraud. He says the emerging technology has already delivered results for the institution many times.

“We had a case last week where we had a person come in with a fictitious drivers license, and we actually used it (the technology) to determine that wasn’t the member,” he says. “It allows me to search for it (the image) very quickly and produce that for law enforcement.”

Facial recognition technology is starting to be more widely used in the banking industry as a fraud detection tool, as well as in other industries, such as to identify cheaters at casinos. It can capture demographic information about shoppers. It’s even used on Facebook. Because there is a potential for abuse, the Federal Trade Commission is starting to look into how the technologies are being implemented. The FTC is hosting a Washington, D.C. workshop on December 8 to determine what’s at stake in terms of privacy and security.

So far, what the financial arena reports is mostly success, especially in capturing images from ATMs and teller windows and building them into a searchable collection of data. Skimming from ATMs, which involves collecting victims’ card information and passwords and then drawing from their accounts, is estimated to be a $1 billion a year fraud.

Where the tools work best is when a string a suspicious transactions is reported, images of the person using the ATM can be quickly found and that person can be connected to other potentially fraudulent transactions.

“We know what you look like. We have your face information,” says Al Shipp, chief executive officer of video intelligence company 3VR. Your image is “used to separate the good guys from the bad guys.”

Instead of going through hour upon hour of video to find something, today’s videos can be examined like any database. Shipp says his company’s tools allow clients to search by face, license plate or even look for an object by its size or shape.

“Instead of just watching hours, days or weeks of video, you can search right down to the pertinent video that you’re looking for,” he says.

There’s a fine line between how the technology is being used now and where privacy experts are concerned it might go.

Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse, says there’s nothing inherently wrong with using the technology. But there is a great deal of concern about how it can be used, and misused.

“Here, the concept is that each customer is going to have a profile. You now have a database of every customer of that bank,” he says. “One of the fundamental concepts of privacy is to minimize the amount of data that you have. Actually having your picture is not something that’s essential to engaging in a financial transaction.”

If consumers are given the choice to opt in to such a database, Stephens says there’s really no issue. But that’s unlikely to happen, he says.

“Is the consumer going to be aware of the fact that this technology is being used and will they have a right to decline? I‘m guessing no and no,” he says.

McBreen acknowledges that Members 1st customers are not told about the facial recognition tools. However, he says they are asked specifically whether they want their image attached to their accounts as a fraud prevention tool.

Dr. Jeffrey Spiegel, a facial reconstructive surgeon and professor at Boston University Medical School, says the technology has become more accurate over time. And, he says, it appears to make sense to have computers analyze faces for security purposes.

But having all those faces scanned into databases also sends a chill.

“The area of concern is when you match a name with the biometric data,” Spiegel says. “I have no problem with Coca-Cola determining that men my age drink Coke Zero instead of full-sugar Coke. But the big problem will be is when that biometric data says that’s Jeffrey Spiegel, and he’s at the ballgame...All collected data is dangerous once it becomes linked to your name.”

The author is a Reuters contributor. The opinions expressed are his own.